Kain avatar image
Kain asked

Client Read-Only Entities?

Reading the Getting Started Guide ( and the Entity API doc (, it seems that these are the same for both, client and server.

I'm still trying to wrap my head around how entities might relate to our intended usage for player data that we only want the server to modify. I get the impression that this is not the intended usage pattern for entities. Am I correct in assuming that there is no way to prevent a client from modifying entity objects?

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

brendan avatar image
brendan answered

[Corrected - see below]

Entities are a generic way of having data which may or may not be associated with a specific player. It sounds like what you want is a player-specific data store that cannot be modified by the client, so that you can ensure security of the data. We'll be providing more guidance on how to do things like that with Entities soon, but you could also use Player Read-Only Data for that in the short term:

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Kain avatar image Kain commented ·

So entities can never be readonly? Got it.

Our original plan was to use readonly player data with JSON.stringify, which we can certainly do. I was mainly looking to apply the same mentality to entity objects that we currently apply to the "Legacy" KVP data... Public, ReadOnly, and Internal.

I am a bit confused by your statement about entities not (usually) associated with a specific player, though. The example I saw on the Getting Started page for entities specifically used saveGameFile.bin as its use case, which is close to what we wanted to use it for, minus the part about trusting the client to authoritatively dictate the player's save state.

0 Likes 0 ·
brendan avatar image brendan Kain commented ·

Sorry, let me correct that (edited above). Entity data is really intended for any entity - players included. And, in fact, we should be encouraging folks to use the Entity data for players more, so that's my mistake. To control the way the Entity data can be written, you can use the Policy to set it how you'd like. I'm working right now with the feature team on getting a tutorial in place to go over that in more detail.

0 Likes 0 ·
Kain avatar image Kain brendan commented ·

Ah, ok. Thank you for that clarification. The API reference ( does not indicate which functions are server-only, which is what instigated this post. Looking forward to clarification from that upcoming tutorial.

0 Likes 0 ·
Show more comments
tldQuantic avatar image tldQuantic Kain commented ·

Hi Brendan,
Sorry to resurect this old topic but I was wondering if we could finally use entity objects to store read only player data from the server ?
Thanks for your help.

0 Likes 0 ·
Seth Du avatar image Seth Du ♦ tldQuantic commented ·

Yes, this can be done via modifying entity policy. Please navigate to [Game Manager] -> [Title Settings] -> [API features] and add the following object in Entity Global Title Policy:

    "Action": "Write",
    "Effect": "Deny",
    "Resource": "pfrn:data--*!*/Profile/Objects/*",
    "Principal": "*",
    "Comment": "title player can only read objects",
    "Condition": {
      "CallingEntityType": "title_player_account"

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.